EnvSeal is a decentralized, local-first, cloud-agnostic secret management CLI tool. Unlike traditional solutions, it does not store your secrets on a central server. Instead, it uses asymmetric cryptography to store encrypted secrets directly in your Git repository (Single Source of Truth) and uses a P2P protocol for the secure distribution of access keys among developers.
- Decentralized Storage: Secrets are stored in your Git repository, eliminating the need for a central server.
- Local-First: Work with your secrets offline and sync changes when you're back online.
- Asymmetric Cryptography: Securely encrypt and decrypt secrets using public/private key pairs.
- P2P Key Distribution: Share access keys securely among team members without relying on a central authority.
- Git Integration: Seamlessly integrates with Git workflows, making it easy to manage secrets alongside your code.
- Cross-Platform: Available on Windows, macOS, and Linux.
You can install EnvSeal CLI using Go:
go install github.com/envseal/cli@latestAlternatively, you can download pre-built binaries from the releases page or install via Homebrew on macOS:
brew install envseal/tap/envsealAfter installation, you can start using EnvSeal CLI with the following commands:
envseal init # Initialize EnvSeal in your Git repository
envseal set <key>=<value> # Set a new secret
envseal unset <key> # Remove a secret
envseal users add <user> <public_key> # Add a user with their public key
envseal users remove <user> # Remove a user
envseal rekey [--rotate] # Encrypt secrets and update access permissions
envseal exec -- <command> # Execute a command with secrets injected into the environment
envseal doctor # Check the integrity of your EnvSeal setupPrint all commands with envseal --help and get detailed help for each command with envseal <command> --help.
Contributions are welcome! Please read the contributing guidelines for more information on how to get started.
This project is licensed under the Apache License 2.0. See the LICENSE file for details.